Serdar Yegulalp | InfoWorld, 16 May 2014 Adobe's ID services went down for over 24 hours, leaving Creative Cloud users—and a great many others—locked out of their software and accounts http://www.infoworld.com/t/cloud-computing/adobe-creative-cloud-crash-shows-no-cloud-too-big-fail-242674 selected text: A problem with Adobe Creative Cloud locked users of Adobe's software out of their programs—and a good deal else on top of that—for more than 24 hours starting Wednesday night. But every other Adobe service that used Adobe's ID system was also affected, as noted by The Register's Alistair Dibbs. At least one "national [UK] newspaper" wasn't able to publish its Adobe DPS tablet edition on Thursday because of the outage. The breadth and duration of Adobe's service interruption ranks as further evidence that no cloud infrastructure is too big or too important to fail. Dropbox went down for 16 hours in January of 2013, and Google Drive experienced a similar 17-hour meltdown of its own in March. One estimate has put the cost of major-league cloud outages at some $71 million since 2007, but failures like Adobe's—where a single piece of failing infrastructure brings down multiple systems—have most likely driven that estimate far higher.
Jeremy Kirk, InfoWorld, 21 May 2014 The utility, which was not identified, used a simple password system and had been compromised before http://www.infoworld.com/d/security/public-utility-compromised-after-brute-force-attack-dhs-says-242881
Woody Leonhard | InfoWorld, 16 May 2014 There's confirmation of two more bugs and a Stop 0x7B 'Blue Screen' as Microsoft re-issues the patch, changing metadata but no programs http://www.infoworld.com/t/microsoft-windows/microsoft-acknowledges-more-errors-80070371-and-80071a91-when-installing-windows-81-updatekb-2919355-2426
Loek Essers, InfoWorld, 21 May 2014 Users are asked to change passwords after attackers compromised employee log-in credentials http://www.infoworld.com/d/security/hackers-hit-ebay-database-containing-personal-info-242910
Zach Miners, InfoWorld, 22 May 2014 The browser privacy system is in tatters, and most websites either don't honor DNT or interpret it in different ways http://www.infoworld.com/d/applications/do-not-track-oh-what-the-heck-go-ahead-242965
Gregg Keizer, Computerworld, InfoWorld, 19 May 2014
Will likely kick off process in June to get more Firefox users on the latest version with the new Australis UI
http://www.infoworld.com/d/applications/mozilla-plans-semi-silent-updates-tug-laggards-the-newest-firefox-242695

opening text:

Mozilla is preparing nearly-silent upgrades to get customers stuck on older versions of Firefox onto the newest edition, according to notes on the company's website and its bug-tracking database. The plan is to start upgrading older Windows editions beginning with the next stable release, Firefox 30, which is slated to ship June 10.

"In the next weeks we will [be] implementing a project to get users on older versions of Firefox back onto the latest version," said Benjamin Smedberg on a Mozilla developers planning discussion thread. "We've confirmed ... that about 2% of Firefox profiles are getting 'stuck' on older versions in each release cycle, at least back to Firefox 22." On his LinkedIn profile, Smedberg identifies himself as a Mozilla engineering manager.

Smedberg said that Mozilla didn't know why some of its users continue to run outdated versions of Firefox. But with Firefox's background update mechanism, those users had to have explicitly switched off or at least restricted updates. [much more omitted.]

Well, let me answer that for you, Mr. Smedberg.

1) I like to know what is running on my system. I program, and if an update causes a problem, I would at least like to know that there was an update. Consequently, I prefer to update manually.
2) I installed version 29. I detest the new interface and went back to version 28.
3) I do not like the frequent nagging (multiple times per day) to "upgrade" to 29.1.

Does anyone know of a good browser that is not intrusive? I would like one that runs NoScript or an equivalent. I have used Firefox since version 0.94, but there are other browsers.
Claudiu Popa, *IT Business*, 21 May 2014 http://www.itbusiness.ca/blog/what-questions-should-we-be-asking-about-the-ebay-breach/48903 selected text: Shortly after the eBay press release hit the wire, the media started calling to ask for my feedback on the whys and the hows of this latest debacle. With that firmly in mind, eBay's response was still entirely inadequate. The press release, not addressed at the public but at the media, simply indicated that a few employee accounts were used to gain access to a database of user information. That information included personal addresses, emails, phone numbers, dates of birth, names and um—don't worry: no financial information. No passwords either, since they were encrypted. There are plenty of positive, responsible, respectful ways to announce that you dropped the ball on security. This announcement is not one of them, unless it's just for the purpose of summarily complying with legislation.
Jeremy Kirk, InfoWorld, 15 May 2014 The company opposes DRM but has little choice lest users be cut off from popular content services, Mozilla's CTO says http://www.infoworld.com/d/applications/firefox-will-get-drm-copy-protection-despite-mozillas-concerns-242555 selected text: Mozilla will upgrade its Firefox browser with copyright protection technology, fearing a loss of users if they can't play protected content from services like Netflix, Hulu and Amazon. The organization has long opposed DRM (Digital Rights Management) technologies, which seek to prevent unauthorized sharing of content under copyright protection. Critics say DRM also prevents legal uses of content, such as a person moving it between two of their own devices. DRM can also potentially leak users' private information, Gal wrote. Many DRM systems "fingerprint" a device, collecting identifying information so they can prevent content from being played on a different device.
Robert X. Cringely, InfoWorld, 22 May 2014 The Feds ran roughshod over Lavabit, forcing it to shut down and proving that in the privacy wars, the government is fighting to win -- and fighting dirty http://www.infoworld.com/t/cringely/privacy-takes-beating-in-the-fbis-kangaroo-court-242939
Serdar Yegulalp, InfoWorld, 19 May 2014 Five members of the Chinese Army have been indicted for allegedly hacking U.S. firms and stealing trade secrets http://www.infoworld.com/t/cyber-crime/us-charges-chinese-army-members-cyber-espionage-242754
Woody Leonhard | InfoWorld, 21 May 2014 With AT&T now turning your DNS logs into a money-making proposition, it's time to look at alternatives http://www.infoworld.com/t/internet-privacy/another-privacy-threat-dns-logging-and-how-avoid-it-242879
Robert Faturechi, *Los Angeles Times*, 16 May 2014 "A growing number of cameras—hundreds around Los Angeles, thousands nationwide—are engaged in a simple pursuit: Taking pictures of license plates. The digital photos, automatically snapped by cameras mounted on cars and street poles and then tagged with time and location, are transmitted to massive databases running on remote computer servers. Cops can then search those databases to track the past whereabouts of drivers. Law enforcement officials say the data collection is invaluable for tracking down stolen cars and catching fugitives. But such databases are also being built by private firms, which can sell access to anyone willing to pay, such as lenders, repo workers and private investigators. That is raising worries among privacy advocates and lawmakers, who say the fast-growing industry is not only ripe for conflicts of interest but downright invasive." http://www.latimes.com/business/la-fi-law-enforcement-contractors-20140518-story.html
Megan Geuss, Ars Technica, 20 May 2014 (Via Dave Farber) Regulations take effect mid-September; rules for the public may come this December. <http://arstechnica.com/cars-2/2014/05/california-approves-rules-for-testing-self-driving-cars-in-california/> On Tuesday, the California Department of Motor Vehicles (DMV) officially approved rules to allow the testing of autonomous vehicles on public roads. The rules will take effect September 16, 2014. The move has been a long time coming, with the DMV promising back in December 2013 that it would post regulations for public use of self-driving cars and then holding a public hearing in January to address concerns about them. These new rules will set a statewide standard for all manufacturers. (Although Google has been running pilot programs in Mountain View and elsewhere, it's not the only company pursuing an automated vehicle -- Nvidia told Ars last week that Audi has plans to incorporate a "cruise control for stop-and-go traffic" feature in one of its cars come 2015.) Bryant Walker Smith, a fellow at the Center for Automotive Research at Stanford (CARS), told Ars that the new rules could change how manufacturers proceed with their testing. "The DMV has a really, really difficult task, and I was impressed with the thoughtfulness of their approach," he said. "I would say that anyone who is reading these documents will have to read very closely." According to the adopted regulatory text that the California DMV posted on Tuesday, a manufacturer which wants to test autonomous vehicles has to apply for a testing permit, certify its drivers to test the cars, and secure a $5 million insurance or safety bond. The testing permit must be renewed after one year or else it expires. During the tests, an operator must remain in the driver's seat at all times and must obtain an "Autonomous Vehicle Testing (AVT) Program Test Vehicle Operator Permit" from the DMV.
To obtain such a permit, the operator must go through a training program put together by the manufacturer and approved by the DMV, which includes "defensive driver training, including practical experience in recovering from hazardous driving scenarios" as well as "instruction that matches the level of the autonomous test vehicle driver's experience operating the specific type of automated driving system technology with the level of technical maturity of the automated system." ...
(Ars Technica via NNSquad) http://arstechnica.com/business/2014/05/comcast-time-warner-cable-still-have-the-angriest-customers-survey-finds/ "Merging cable giants are the worst-rated companies in the worst-rated industry." At least they're consistent.
Thomas P. Keenan, Technocreep: The Surrender of Privacy and the Capitalization of Intimacy, OR Books, 2014 (http://www.orbooks.com/catalog/technocreep/) Throughout this book, it is clear that creeps are creeping with increasing creepiness. Every chapter in this book is a self-contained gem, full of timely and important thoughts that relate to the present time and to our future. Sensor Creep and Tracking Creep are very ominous. Government Creep is especially pithy: "One of the creepiest aspects of technology is that you never really know who or what to believe anymore." Thomas P. Keenan has done a wonderful job in threading so many seemingly disparate ideas into the single notion of 'creep'. Indeed, creeping is generally thought of as going forward; however, in many of his examples, we may actually be creeping (if not lurching) backward. This book is a must-read for everyone interested in RISKS—technologists, legislators and government officials, ordinary citizens, and even luddites. As an aside, I note that The Internet of Things (IOT, or IoT if you prefer)—perhaps one of the very biggest opportunities for creep of all—might eventually create an Identity (ID) something akin to a URL for almost any object you can possibly imagine, including you personally. If Technocreep ever realizes the total dis-anthropomorphization of the human race by treating people as Things, we may all have idiotically become ID-IOTs.